An input attack is a malicious attack on an application in which the attacker supplies crafted input data in an attempt to disrupt the application. Two of the most well-known input attacks are buffer overflow and script injection.
Countermeasures for these include:
- Effective input field filtering. Input fields should be filtered to remove all characters that might be a part of an input injection. Which characters are removed will depend upon the types of software used by the application.
- Application firewall. Network firewalls inspect only the source and destination addresses and the port numbers, but not the contents of network packets. Application firewalls examine the contents of packets and block packets containing input attack code and other unwanted data.
- Application vulnerability scanning. Organizations that develop their own applications for online use should scan those applications for input attack vulnerabilities, in order to identify vulnerabilities prior to their being discovered and exploited by outsiders.
These countermeasures lower the risk of input injection by making the application more robust against input attacks, by shielding it from them, or both.
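As an added illustration of the input-field filtering countermeasure (example code written for this post, not from the original), the sketch below goes slightly beyond the character-removal wording: structured fields are checked against a per-field allow-list and rejected if they do not match, free text gets a hard length cap (the buffer-overflow angle) and is HTML-encoded rather than stripped. The field names, patterns and limits are assumptions for the example.

```python
import html
import re

# Allow-list patterns per field type (assumed for this example); input that does
# not match is rejected outright instead of trying to strip "bad" characters.
FIELD_RULES = {
    "username": re.compile(r"^[A-Za-z0-9_.-]{3,32}$"),
    "order_id": re.compile(r"^[0-9]{1,12}$"),
}
MAX_COMMENT_LEN = 500  # hard length cap; over-long input is rejected, not truncated


class InputRejected(ValueError):
    """Raised when a field fails validation; the request should be refused."""


def validate_field(name, value):
    """Return the value unchanged if it matches the allow-list for `name`."""
    if not isinstance(value, str):
        raise InputRejected(f"{name}: expected a string")
    rule = FIELD_RULES.get(name)
    if rule is None:
        raise InputRejected(f"{name}: unknown field")
    if not rule.fullmatch(value):
        raise InputRejected(f"{name}: disallowed characters or bad length")
    return value


def sanitize_comment(text):
    """Free-text field: enforce length, then HTML-encode for safe page output."""
    if not isinstance(text, str) or len(text) > MAX_COMMENT_LEN:
        raise InputRejected("comment: missing or too long")
    if "\x00" in text:
        raise InputRejected("comment: NUL byte")
    # Encoding rather than stripping keeps legitimate punctuation intact while
    # making <script> tags and attribute breakouts inert in an HTML context.
    return html.escape(text, quote=True)


def process_form(form):
    """Validate a form submission (a dict); returns the cleaned fields."""
    return {
        "username": validate_field("username", form.get("username", "")),
        "order_id": validate_field("order_id", form.get("order_id", "")),
        "comment": sanitize_comment(form.get("comment", "")),
    }


if __name__ == "__main__":
    # Constructed sample: a script-injection attempt in the free-text field
    sample = {"username": "alice_01", "order_id": "4711",
              "comment": "great <script>alert(1)</script>"}
    print(process_form(sample))
```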